nerdexam
Cisco

350-401 · Question #336

What is a characteristic of MACsec?

The correct answer is B. 802.1AE is bult between the host and switch using the MKA protocol, which negotiates encryption. MACsec (802.1AE) Explained Option B is correct because MACsec (802.1AE) operates at Layer 2 and is specifically built between a host and a switch using the MACsec Key Agreement (MKA) protocol, which is responsible for negotiating and managing the encryption keys and security para

Submitted by khalil_dz· Mar 6, 2026Security

Question

What is a characteristic of MACsec?

Options

  • A802.1AE provides encryption and authentication services
  • B802.1AE is bult between the host and switch using the MKA protocol, which negotiates encryption
  • C802.1AE is bult between the host and switch using the MKA protocol using keys generated via the
  • D802.1AE is negotiated using Cisco AnyConnect NAM and the SAP protocol

How the community answered

(32 responses)
  • A
    3% (1)
  • B
    94% (30)
  • D
    3% (1)

Explanation

MACsec (802.1AE) Explained

Option B is correct because MACsec (802.1AE) operates at Layer 2 and is specifically built between a host and a switch using the MACsec Key Agreement (MKA) protocol, which is responsible for negotiating and managing the encryption keys and security parameters for the secure channel.

Why the distractors are wrong:

  • Option A is misleading because while 802.1AE does provide encryption and authentication, this statement alone is incomplete and doesn't describe a characteristic of how MACsec works - it's too vague to be the best answer.
  • Option C appears to be an incomplete or truncated version of a statement (likely referencing EAP or 802.1X key generation), making it inaccurate and unfinished as written.
  • Option D is incorrect because MACsec is not negotiated using Cisco AnyConnect NAM and SAP - SAP (Security Association Protocol) is associated with Cisco's older proprietary encryption method, not standard MACsec/MKA negotiation.

Memory Tip: Think "MACsec = MKA negotiates" - just as TLS uses a handshake to negotiate encryption, MACsec uses MKA to negotiate keys between the host and switch at Layer 2. If you remember the pairing MACsec ↔ MKA, option B will always stand out.

Topics

#MACsec#802.1AE#MKA Protocol#Layer 2 Security

Community Discussion

No community discussion yet for this question.

Full 350-401 Practice